What to Do with a Hacked WordPress Website

What to Do with a Hacked WordPress Website

Andy Holland

Suffering from a hacked WordPress website can be extremely annoying, but there is no need to lose your mind! Taking a pragmatic approach is the best way to solve the problem of a hacked WordPress website.

So, stay calm and check out below how you can solve the problem of a hacked WordPress website.

Document Your Hacked WordPress Website

When facing a hacked WordPress website, there are a few Indicators of Compromise that will show you your website has been hacked. This includes your host disabling your website, being blacklisted by search engines and being flagged for distributing malware, amongst, much, much more.

If you notice that you have a hacked WordPress website, the first thing to do is take notes. Document all of the things you are experiencing and create a base for an incident report.

Scan Your Hacked WordPress Website

The next thing to do is scan your hacked WordPress website. Users can implement exterior remote scanners or application level scanners to do this. We recommend using a few as there is no one scanner that will report on every problem.

In addition, you should also take a look at your surrounding environment. Run full anti-virus software on your machine, as you may find that the source of the attack starts at your local box!

Get In Touch with Your Hosting Provider

Those, in particular, who are using shared hosting should check in with their hosting provider. See if they are taking any steps to resolve this problem or let them know if they need to. Normally, your hosting provider can confirm with you if you have actually been hacked or are just experiencing a loss of service.

Improve Your Passwords

You ‘ll have probably heard this before, but having strong passwords is vital when dealing with a hacked WordPress website. Use long, unique passwords for your website and make sure to include all of the access points also.

Reset All Access

If you find that you have a hacked WordPress website, lock everything down to minimise further damage. By overwriting the values in your wp-config php file, you can force anyone logged in, off.

Remove the Hack

The most daunting part of this whole process is to get rid of the problems on your hacked WordPress website. You will need to diagnose all of the symptoms and figure out whether this is something that you solve yourself. One of the best ways to fix these problems is to reinstall certain elements of the website. Just make sure that you reinstall the exact same version! When reinstalling, use the FTP/SFTP application and not the WP-ADMIN. This is because the first option is more effective over a longer period of time. You should also make sure that you are more diligent in updating and replacing files. One of the most common files used in hacked WordPress websites is the htaccess file which is found in the root of your installation folder.